Exploits / Vulnerability Discovered : 2019-05-20 |
Type : local |
Platform : windows
This exploit / vulnerability Huawei espace 1.1.11.103 dll hijacking is for educational purposes only and if it is used you will do on your own risk!
Summary: Create more convenient Enhanced Communications (EC) services for your
enterprise with this suite of products. Huawei’s EC Suite (ECS) solution combines
voice, data, video, and service streams, and provides users with easy and secure
access to their service platform from any device, in any place, at any time. The
eSpace Meeting allows you to join meetings that support voice, data, and video
functions using the PC client, the tablet client, or an IP phone, or in a meeting
room with an MT deployed.
Desc: eSpace suffers from a DLL Hijacking issue. The vulnerability is caused due
to the application loading libraries (mfc71enu.dll, mfc71loc.dll, tcapi.dll and
airpcap.dll) in an insecure manner. This can be exploited to load arbitrary libraries
by tricking a user into opening a related application file (.html, .jpg, .png)
located on a remote WebDAV or SMB share.
Tested on: Microsoft Windows 7 Professional
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic